diff options
-rw-r--r-- | firefox.spec | 9 | ||||
-rw-r--r-- | mozilla-1673202.patch | 46 |
2 files changed, 54 insertions, 1 deletions
diff --git a/firefox.spec b/firefox.spec index 0cb282f..49e734c 100644 --- a/firefox.spec +++ b/firefox.spec @@ -107,7 +107,7 @@ ExcludeArch: s390x Summary: Mozilla Firefox Web browser Name: firefox Version: 82.0 -Release: 6%{?dist} +Release: 7%{?dist} URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz @@ -174,6 +174,7 @@ Patch412: mozilla-1634404.patch Patch413: mozilla-1669495.patch Patch414: mozilla-1656727.patch Patch415: mozilla-1670333.patch +Patch416: mozilla-1673202.patch # Wayland specific upstream patches Patch574: firefox-pipewire-0-2.patch @@ -383,6 +384,9 @@ This package contains results of tests executed during build. %patch413 -p1 -b .1669495 %patch414 -p1 -b .1656727 %patch415 -p1 -b .1670333 +%if 0%{?fedora} > 33 || 0%{?eln} +%patch416 -p1 -b .1673202 +%endif # Wayland specific upstream patches %if 0%{?fedora} > 31 || 0%{?eln} @@ -981,6 +985,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog +* Tue Oct 27 2020 Martin Stransky <stransky@redhat.com> - 82.0-7 +- Added fix for rawhide crashes (rhbz#1891234) + * Sat Oct 24 2020 Martin Stransky <stransky@redhat.com> - 82.0-6 - Enable LTO diff --git a/mozilla-1673202.patch b/mozilla-1673202.patch new file mode 100644 index 0000000..711a975 --- /dev/null +++ b/mozilla-1673202.patch @@ -0,0 +1,46 @@ +# HG changeset patch +# User Jed Davis <jld@mozilla.com> + +Bug 1673202 - Call fstat directly in Linux sandbox fstatat interception. r?gcp + +Sandbox policies handle the case of `fstatat(fd, "", AT_EMPTY_PATH|...)` +by invoking the SIGSYS handler (because seccomp-bpf can't tell if the +string will be empty when the syscall would use it), which makes the +equivalent call to `fstat`. + +Unfortunately, recent development versions of glibc implement `fstat` by +calling `fstatat`, which causes unbounded recursion and stack overflow. +(This depends on the headers present at build time; see the bug for more +details.) This patch switches it to use the `fstat` (or `fstat64` on +32-bit) syscall directly. + +Differential Revision: https://phabricator.services.mozilla.com/D94798 + +diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp +index 9bdb10c49e085..a128cce7b266c 100644 +--- a/security/sandbox/linux/SandboxFilter.cpp ++++ b/security/sandbox/linux/SandboxFilter.cpp +@@ -294,17 +294,21 @@ class SandboxPolicyCommon : public SandboxPolicyBase { + auto broker = static_cast<SandboxBrokerClient*>(aux); + auto fd = static_cast<int>(aArgs.args[0]); + auto path = reinterpret_cast<const char*>(aArgs.args[1]); + auto buf = reinterpret_cast<statstruct*>(aArgs.args[2]); + auto flags = static_cast<int>(aArgs.args[3]); + + if (fd != AT_FDCWD && (flags & AT_EMPTY_PATH) != 0 && + strcmp(path, "") == 0) { +- return ConvertError(fstatsyscall(fd, buf)); ++#ifdef __NR_fstat64 ++ return DoSyscall(__NR_fstat64, fd, buf); ++#else ++ return DoSyscall(__NR_fstat, fd, buf); ++#endif + } + + if (fd != AT_FDCWD && path[0] != '/') { + SANDBOX_LOG_ERROR("unsupported fd-relative fstatat(%d, \"%s\", %p, 0x%x)", + fd, path, buf, flags); + return BlockedSyscallTrap(aArgs, nullptr); + } + + |